Thanks samboll, much appreciated. However the HTTPS for WordPress plug-in doesn't actually appear to be a plug-in for changing a page to https. It seems only to create a more compatible environment for https. Also it says it's only compatible up to 2.5

Hi J, the form isn't public yet but we're using csforms II and, for the moment, we can't use SSL SMTP to send the submissions but I'm looking into using a plugin called Subrosa to encrypt them with a public key.

Thanks for the tip about protecting the data rather than the page. I'm still very much a learner at this point. Because of this I'm going for the belt and braces approach.

I'd also like to protect the page to give users the security that the page is definitely ours and not a phishing site.

A friend of mine likes to ask people "What are you trying to accomplish?"

If you want to keep the end user's contact data reasonably private, then the form submission should via SSL should protect the data in transit when sent back to your web server. That should cover the HTTP/HTTPS portion.

Dunno about the phishing part; unless your web page is trying to look like someone else's then I think you'll be fine there.

For the e-mail portion, you'd need to make sure that your mail system defers to SSL/TLS and that the receiver mail server does too. Ask your host company about that. If they say something along the lines of "Postfix/Sendmail... STARTTLS is supported... client and server side..." then you're probably good for that one hop. Subsequent SMTP hops, maybe not but that would be out of your control.

If they reply back with "Huh?" then you might want to look into PGP'ing your e-mail. That's a loooong conversation about private/public encryption keys and you may be best served by just worrying about the HTTP/HTTPS portion :)

Yeah, as I said, we can't send using SSL SMTP for the moment because we don't have a hosting package that supports that. We're thinking of moving to such a hosting package but in the time being I am going to try encrypting the mail with S/MIME.

With regard to phishing the point is somebody else could pretend to be us and trick people into submitting information via another website address. One way to mitigate that is to use https to protect our page so that users can be sure they're on the right webpage.

We could force our whole website to https but we I don't want to slow down the other pages unnecessarily.

Man, I figured it out. Finally!!
I do believe it is a media temple thing, but at least I figured it out. In the wp-includes/cononial.php file you have to change 'HOST_NAME' to 'SERVER_NAME' on line 48.

Christiann, I use admin SSL to force it to use SSL on certain directories. I have no problem making that work. I was having a problem loading anything at all with HTTPS. I kept getting redirect errors. Now after that fix, I don't have any issues. I'm able to make the entire site just HTTP and when someone goes to the credit application page it is HTTPS. Check it out. Joplin USED CARS